More stuff for new TLS ciphersuites.

author Ben Laurie <ben@openssl.org>

Sun, 21 Feb 1999 21:58:59 +0000 (21:58 +0000)

committer Ben Laurie <ben@openssl.org>

Sun, 21 Feb 1999 21:58:59 +0000 (21:58 +0000)
author Ben Laurie <ben@openssl.org>
Sun, 21 Feb 1999 21:58:59 +0000 (21:58 +0000)
committer Ben Laurie <ben@openssl.org>
Sun, 21 Feb 1999 21:58:59 +0000 (21:58 +0000)
diff --git a/apps/s_server.c b/apps/s_server.c

index c0546f6f9b0ea0529322bf758c70d4c0ad6e181f..35b9718b63475007f946c24efac6e6d43bfc4013 100644 (file)
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -75,7 +75,7 @@
  #include "s_apps.h"
  
  #ifndef NOPROTO
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export);
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export,int keylength);
  static int sv_body(char *hostname, int s);
  static int www_body(char *hostname, int s);
  static void close_accept_socket(void );
@@ -1211,9 +1211,10 @@ err:
         return(ret);
         }
  
-static RSA MS_CALLBACK *tmp_rsa_cb(s,export)
+static RSA MS_CALLBACK *tmp_rsa_cb(s,export,keylength)
  SSL *s;
  int export;
+int keylength;
         {
         static RSA *rsa_tmp=NULL;
  
@@ -1221,11 +1222,11 @@ int export;
                 {
                 if (!s_quiet)
                         {
-                       BIO_printf(bio_err,"Generating temp (512 bit) RSA key...");
+                       BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
                         BIO_flush(bio_err);
                         }
  #ifndef NO_RSA
-               rsa_tmp=RSA_generate_key(512,RSA_F4,NULL,NULL);
+               rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
  #endif
                 if (!s_quiet)
                         {
diff --git a/ssl/s3_lib.c b/ssl/s3_lib.c

index 4d79895e99541de4a47301a4a5d54906873f8640..b6f5d82f218b91d88e65ed895d0dfcba9b42e255 100644 (file)
--- a/ssl/s3_lib.c
+++ b/ssl/s3_lib.c
@@ -752,15 +752,16 @@ STACK *have,*pref;
         else
                 cert=s->ctx->default_cert;
  
-       ssl_set_cert_masks(cert);
-       mask=cert->mask;
-       emask=cert->export_mask;
-                       
         sk_set_cmp_func(pref,ssl_cipher_ptr_id_cmp);
  
         for (i=0; i<sk_num(have); i++)
                 {
                 c=(SSL_CIPHER *)sk_value(have,i);
+
+               ssl_set_cert_masks(cert,c);
+               mask=cert->mask;
+               emask=cert->export_mask;
+                       
                 alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK);
                 if (SSL_IS_EXPORT(alg))
                         {
diff --git a/ssl/s3_srvr.c b/ssl/s3_srvr.c

index 233de6ca906af7f12cd2defe8598415589252c66..6fe489eb18905accb8867cb7ac72cf9f8ba589ca 100644 (file)
--- a/ssl/s3_srvr.c
+++ b/ssl/s3_srvr.c
@@ -945,7 +945,8 @@ SSL *s;
                         if ((rsa == NULL) && (s->ctx->default_cert->rsa_tmp_cb != NULL))
                                 {
                                 rsa=s->ctx->default_cert->rsa_tmp_cb(s,
-                                       !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher));
+                                     !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
+                                     SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
                                 CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA);
                                 cert->rsa_tmp=rsa;
                                 }
@@ -967,7 +968,8 @@ SSL *s;
                         dhp=cert->dh_tmp;
                         if ((dhp == NULL) && (cert->dh_tmp_cb != NULL))
                                 dhp=cert->dh_tmp_cb(s,
-                                       !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher));
+                                     !SSL_C_IS_EXPORT(s->s3->tmp.new_cipher),
+                                     SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher));
                         if (dhp == NULL)
                                 {
                                 al=SSL_AD_HANDSHAKE_FAILURE;
diff --git a/ssl/ssl.h b/ssl/ssl.h

index 7cbc2aaa8ca8dd543070c05568cfc2d670d3d75a..2a9cd7f5abdab2c2b4d779e2288c6e67662e28a1 100644 (file)
--- a/ssl/ssl.h
+++ b/ssl/ssl.h
@@ -1022,13 +1022,12 @@ int SSL_get_ex_data_X509_STORE_CTX_idx(void );
  #define SSL_CTX_set_read_ahead(ctx,m) \
         SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,0,NULL)
  
-/* For the next 2, the callbacks are 
- * RSA *tmp_rsa_cb(SSL *ssl,int export)
- * DH *tmp_dh_cb(SSL *ssl,int export)
- */
+     /* NB: the keylength is only applicable when export is true */
  void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,
-                                 RSA *(*cb)(SSL *ssl,int export));
-void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int export));
+                                 RSA *(*cb)(SSL *ssl,int export,
+                                            int keylength));
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,
+                                DH *(*dh)(SSL *ssl,int export,int keylength));
  
  #ifdef HEADER_COMP_H
  int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c

index 862a555efa6398a69cc3ff1718bc1a8c7a79a177..c4be734af4feaabf03c29be1da77b71d59f54c91 100644 (file)
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -1131,46 +1131,49 @@ int (*cb)();
         X509_STORE_set_verify_cb_func(ctx->cert_store,cb);
         }
  
-void ssl_set_cert_masks(c)
+void ssl_set_cert_masks(c,cipher)
  CERT *c;
+SSL_CIPHER *cipher;
         {
         CERT_PKEY *cpk;
         int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign;
         int rsa_enc_export,dh_rsa_export,dh_dsa_export;
-       int rsa_tmp_export,dh_tmp_export;
+       int rsa_tmp_export,dh_tmp_export,kl;
         unsigned long mask,emask;
  
         if ((c == NULL) || (c->valid)) return;
  
+       kl=SSL_C_EXPORT_PKEYLENGTH(cipher);
+
  #ifndef NO_RSA
-       rsa_tmp=((c->rsa_tmp != NULL) || (c->rsa_tmp_cb != NULL))?1:0;
-       rsa_tmp_export=((c->rsa_tmp_cb != NULL) ||
-               (rsa_tmp && (RSA_size(c->rsa_tmp)*8 <= 512)))?1:0;
+       rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL);
+       rsa_tmp_export=(c->rsa_tmp_cb != NULL ||
+               (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl));
  #else
         rsa_tmp=rsa_tmp_export=0;
  #endif
  #ifndef NO_DH
-       dh_tmp=((c->dh_tmp != NULL) || (c->dh_tmp_cb != NULL))?1:0;
-       dh_tmp_export=((c->dh_tmp_cb != NULL) ||
-               (dh_tmp && (DH_size(c->dh_tmp)*8 <= 512)))?1:0;
+       dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL);
+       dh_tmp_export=(c->dh_tmp_cb != NULL ||
+               (dh_tmp && DH_size(c->dh_tmp)*8 <= kl));
  #else
         dh_tmp=dh_tmp_export=0;
  #endif
  
         cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]);
-       rsa_enc= ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
-       rsa_enc_export=(rsa_enc && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0;
+       rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL);
+       rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
         cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]);
-       rsa_sign=((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
+       rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
         cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]);
-       dsa_sign=((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
+       dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL);
         cpk= &(c->pkeys[SSL_PKEY_DH_RSA]);
-       dh_rsa=  ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
-       dh_rsa_export=(dh_rsa && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0;
+       dh_rsa=  (cpk->x509 != NULL && cpk->privatekey != NULL);
+       dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
         cpk= &(c->pkeys[SSL_PKEY_DH_DSA]);
  /* FIX THIS EAY EAY EAY */
-       dh_dsa=  ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0;
-       dh_dsa_export=(dh_dsa && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0;
+       dh_dsa=  (cpk->x509 != NULL && cpk->privatekey != NULL);
+       dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl);
  
         mask=0;
         emask=0;
@@ -1236,13 +1239,13 @@ SSL *s;
         {
         unsigned long alg,mask,kalg;
         CERT *c;
-       int i,_export;
+       int i,export;
  
         c=s->cert;
-       ssl_set_cert_masks(c);
+       ssl_set_cert_masks(c,s->s3->tmp.new_cipher);
         alg=s->s3->tmp.new_cipher->algorithms;
-       _export=SSL_IS_EXPORT(alg);
-       mask=_export?c->export_mask:c->mask;
+       export=SSL_IS_EXPORT(alg);
+       mask=export?c->export_mask:c->mask;
         kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK);
  
         if      (kalg & SSL_kDHr)
@@ -1888,10 +1891,12 @@ SSL *s;
         return(s->rwstate);
         }
  
-void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,int export))
+void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl,int export,
+                                                         int keylength))
      { SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,0,(char *)cb); }
  
-void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int export))
+void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int export,
+                                                       int keylength))
      { SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,0,(char *)dh); }
  
  #if defined(_WINDLL) && defined(WIN16)
diff --git a/ssl/ssl_locl.h b/ssl/ssl_locl.h

index 0cb5288c32fdff3437e87b543992032c11fdbda0..e4d783aa13491e16cb9849ce21145f47d0834e25 100644 (file)
--- a/ssl/ssl_locl.h
+++ b/ssl/ssl_locl.h
@@ -275,8 +275,8 @@ typedef struct cert_st
  
         RSA *rsa_tmp;
         DH *dh_tmp;
-       RSA *(*rsa_tmp_cb)();
-       DH *(*dh_tmp_cb)();
+       RSA *(*rsa_tmp_cb)(SSL *ssl,int export,int keysize);
+       DH *(*dh_tmp_cb)(SSL *ssl,int export,int keysize);
         CERT_PKEY pkeys[SSL_PKEY_NUM];
  
         STACK *cert_chain;
@@ -366,7 +366,7 @@ int ssl_undefined_function(SSL *s);
  X509 *ssl_get_server_send_cert(SSL *);
  EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *);
  int ssl_cert_type(X509 *x,EVP_PKEY *pkey);
-void ssl_set_cert_masks(CERT *c);
+void ssl_set_cert_masks(CERT *c,SSL_CIPHER *cipher);
  STACK *ssl_get_ciphers_by_id(SSL *s);
  int ssl_verify_alarm_type(long type);
  
diff --git a/ssl/ssltest.c b/ssl/ssltest.c

index 4662770e3833dec0c81f9cacd0a53657ef624951..720abfa01ecae179536f8da12c0ff1a227d5ead3 100644 (file)
--- a/ssl/ssltest.c
+++ b/ssl/ssltest.c
@@ -75,7 +75,7 @@
  
  #ifndef NOPROTO
  int MS_CALLBACK verify_callback(int ok, X509_STORE_CTX *ctx);
-static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export);
+static RSA MS_CALLBACK *tmp_rsa_cb(SSL *s, int export,int keylength);
  #ifndef NO_DSA
  static DH *get_dh512(void);
  #endif
@@ -730,18 +730,19 @@ static DH *get_dh512()
         }
  #endif
  
-static RSA MS_CALLBACK *tmp_rsa_cb(s,export)
+static RSA MS_CALLBACK *tmp_rsa_cb(s,export,keylength)
  SSL *s;
  int export;
+int keylength;
         {
         static RSA *rsa_tmp=NULL;
  
         if (rsa_tmp == NULL)
                 {
-               BIO_printf(bio_err,"Generating temp (512 bit) RSA key...");
+               BIO_printf(bio_err,"Generating temp (%d bit) RSA key...",keylength);
                 BIO_flush(bio_err);
  #ifndef NO_RSA
-               rsa_tmp=RSA_generate_key(512,RSA_F4,NULL,NULL);
+               rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
  #endif
                 BIO_printf(bio_err,"\n");
                 BIO_flush(bio_err);
author	Ben Laurie <ben@openssl.org>
	Sun, 21 Feb 1999 21:58:59 +0000 (21:58 +0000)
committer	Ben Laurie <ben@openssl.org>
	Sun, 21 Feb 1999 21:58:59 +0000 (21:58 +0000)
apps/s_server.c		patch \| blob \| history
ssl/s3_lib.c		patch \| blob \| history
ssl/s3_srvr.c		patch \| blob \| history
ssl/ssl.h		patch \| blob \| history
ssl/ssl_lib.c		patch \| blob \| history
ssl/ssl_locl.h		patch \| blob \| history
ssl/ssltest.c		patch \| blob \| history